Towards the Development of Criteria for Mobile Device Cybersecurity Threat Classification and Communication Standard (CTC&CS)
Start Date
October 2018
End Date
October 2018
Location
KC 460
Abstract
Mobile devices are increasingly reshaping how users go about their daily lives. The increasing use of mobile devices and the unfettered access to cyberspace has introduced new threats to users. Thus, mobile device users are continually being targeted for cybersecurity threats via vectors such as: public information sharing on social media, user surveillance (geo-location, camera, etc.), phishing, malware, spyware, trojans, as well as keyloggers. However, in majority of the cases, users are uninformed of the cybersecurity threats posed by mobile devices upon purchasing it. Further, users are expected to be responsible for the security of their devices, and in recent years, financial institutions are passing the costs associated with fraud to the users due to their lack of such security. Thus, the purpose of this work-in-progress research is to design, develop, and empirically test new criteria for a Cybersecurity Threats Classification and Communication Standard (CTC&CS) for mobile devices. The theoretical foundation for this work is based on the philosophy behind the United States Occupational Safety and Health Administration (OSHA)’s Hazard Communication Standard (HCS) of Labels and Pictograms that is mainly focused on chemical substances. This research will attempt to extend HCS into the cybersecurity realms and is proposed to involve three phases: The first phase will utilize the Delphi technique to design and validate the initial criteria with cybersecurity Subject Matter Experts (SMEs); Phase 2 will operationalize the elicited and validated criteria into labels, pictograms, as well as safety data sheets; while Phase 3 will empirically test the use of the previously developed and validated criteria on a group of 100 mobile users when it comes to identify and take precautions against the cybersecurity threats depicted in the criteria.
Towards the Development of Criteria for Mobile Device Cybersecurity Threat Classification and Communication Standard (CTC&CS)
KC 460
Mobile devices are increasingly reshaping how users go about their daily lives. The increasing use of mobile devices and the unfettered access to cyberspace has introduced new threats to users. Thus, mobile device users are continually being targeted for cybersecurity threats via vectors such as: public information sharing on social media, user surveillance (geo-location, camera, etc.), phishing, malware, spyware, trojans, as well as keyloggers. However, in majority of the cases, users are uninformed of the cybersecurity threats posed by mobile devices upon purchasing it. Further, users are expected to be responsible for the security of their devices, and in recent years, financial institutions are passing the costs associated with fraud to the users due to their lack of such security. Thus, the purpose of this work-in-progress research is to design, develop, and empirically test new criteria for a Cybersecurity Threats Classification and Communication Standard (CTC&CS) for mobile devices. The theoretical foundation for this work is based on the philosophy behind the United States Occupational Safety and Health Administration (OSHA)’s Hazard Communication Standard (HCS) of Labels and Pictograms that is mainly focused on chemical substances. This research will attempt to extend HCS into the cybersecurity realms and is proposed to involve three phases: The first phase will utilize the Delphi technique to design and validate the initial criteria with cybersecurity Subject Matter Experts (SMEs); Phase 2 will operationalize the elicited and validated criteria into labels, pictograms, as well as safety data sheets; while Phase 3 will empirically test the use of the previously developed and validated criteria on a group of 100 mobile users when it comes to identify and take precautions against the cybersecurity threats depicted in the criteria.